From 3049534c405e1f59a718c2f6b8d114cafa28bb4c Mon Sep 17 00:00:00 2001
From: Gabriel MABILLE <gamab@users.noreply.github.com>
Date: Wed, 1 Jun 2022 17:10:47 +0200
Subject: [PATCH] Azure OAuth: silent fail on getting groups (#49909)

---
 pkg/login/social/azuread_oauth.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/login/social/azuread_oauth.go b/pkg/login/social/azuread_oauth.go
index 774e7bdfa55..7296a90ce58 100644
--- a/pkg/login/social/azuread_oauth.go
+++ b/pkg/login/social/azuread_oauth.go
@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"io"
 	"net/http"
 	"strings"
 
@@ -214,9 +215,11 @@ func extractGroups(client *http.Client, claims azureClaims, token *oauth2.Token)
 	if res.StatusCode != http.StatusOK {
 		if res.StatusCode == http.StatusForbidden {
 			logger.Warn("AzureAD OAuh: Token need GroupMember.Read.All permission to fetch all groups")
-			return []string{}, nil
+		} else {
+			body, _ := io.ReadAll(res.Body)
+			logger.Warn("AzureAD OAuh: could not fetch user groups", "code", res.StatusCode, "body", string(body))
 		}
-		return nil, errors.New("error fetching groups")
+		return []string{}, nil
 	}
 
 	var body getAzureGroupResponse